CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-24218 HIGH
Facebook for WordPress 3.0.0-3.0.3 - Cross-Site Request Forgery via AJAX Settings Actions
CVSS 8.8
CVE-2021-25327 MEDIUM
Skyworth Digital Technology RN510 V.3.1.0.4 - CSRF
CVSS 6.5
CVE-2021-25326 MEDIUM
Skyworth Digital Technology RN510 V.3.1.0.4 - Info Disclosure
CVSS 5.4
CVE-2021-22512 MEDIUM
Micro Focus Application Automation Tools Plugin - Jenkins <6.7 - CSRF
CVSS 6.5
CVE-2021-30114 MEDIUM
Web-School ERP V 5.0 - Cross-Site Request Forgery via Voucher Payment Request
CVSS 6.5
CVE-2021-30112 MEDIUM
Web-School ERP 5.0 - Cross-Site Request Forgery via Student Leave Application
CVSS 6.5
CVE-2021-21641 MEDIUM
Jenkins promoted builds < 3.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-20687 HIGH
Kagemai 0.8.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-30147 HIGH
DMA Softlab Radius Manager 4.4.0 - CSRF
CVSS 8.8
CVE-2021-24174 HIGH
Database Backups WordPress Plugin <= 1.2.2.6 - Cross-Site Request Forgery
CVSS 8.1
CVE-2021-24173 MEDIUM
VM Backups < 1.0 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24172 MEDIUM
VM Backups WordPress Plugin < 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-24166 MEDIUM
Ninja Forms < 3.4.34 - Cross-Site Request Forgery via OAuth Disconnect Endpoint
CVSS 5.4
CVE-2021-24162 HIGH
Responsive Menu < 4.0.4 - Cross-Site Request Forgery via Settings Import
CVSS 8.8
CVE-2021-24161 HIGH
Responsive Menu < 4.0.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24159 HIGH
Contact Form 7 Style < 3.1.9 - Cross-Site Request Forgery via Custom CSS Feature
CVSS 8.8
CVE-2021-29660 HIGH
Softing OPC Toolbox < 4.10.1.13035 - Cross-Site Request Forgery via Password Reset Endpoint
CVSS 8.8
CVE-2021-22202 LOW
GitLab < 13.10.0 - Cross-Site Request Forgery via System Hooks API
CVSS 2.4
CVE-2021-25924 HIGH
GoCD 19.6.0-21.1.0 - Cross-Site Request Forgery via Backup Configuration Endpoint
CVSS 8.8
CVE-2021-26071 LOW
Jira Server/Data Center <8.5.13, 8.6.0-8.13.5 - CSRF via SetFeatureEnabled.jspa
CVSS 3.5
CVE-2021-29349 MEDIUM
Mahara 20.10 - Cross-Site Request Forgery via Inbox Mail Deletion
CVSS 6.5
CVE-2021-21638 HIGH
Jenkins Team Foundation Server Plugin < 5.157.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-21633 HIGH
Jenkins OWASP Dependency-Track < 3.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-21629 HIGH
Jenkins Build With Parameters Plugin < 1.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-26216 MEDIUM
SeedDMS 5.1.0-5.1.20 - Cross-Site Request Forgery in out.EditFolder.php
CVSS 4.3